Planview Admin Certificate Refresh 2024
On Wednesday October 23, 2024, at 10pm CDT (UTC-5) Planview Operations team will perform a certificate rotation on the Planview Admin Service Provider (SP) certificate.
Your IT department must assess if your IdP configuration requires the Planview Admin SP certificate. If your IdP does not require it, then you do not need to do anything else.
If your IdP configuration does require the Planview Admin SP certificate, your IT department has two options:
- Update the security certificate in your IdP on Wednesday October 23, 2024, at 10pm CDT (UTC-5).
- Change your IdP settings so that it does not require the certificate.
WARNING
If your IdP configuration requires the Planview Admin SP certificate and you do not update your configuration on October 23, 2024, at 10pm CDT (UTC-5), users will not to be able to authenticate into Planview Admin via SSO until the certificate is updated or your configuration no longer requires the certificate.
The security certificate can be updated ahead of time if you can set the change to go live on or after our security certificate changes. Your update cannot occur before our update is complete.
Certificate settings for common IdP providers
To help your IT department assess your IdP settings, we compiled a list of common IdP providers and where to find their certificate configuration options. In these settings, your IT department can take the following actions:
- Update the security certificate.
- Change the setting so that it does not require the certificate.
| IdP | Certificate configuration location |
|---|---|
| Microsoft Entra |
In Entra, Verification certificates are configured from the "Single sign-on" section of your configuration of the Planview Admin Enterprise Application. Our recommendation is to set Required to No. Learn how to configure your security certificate settings here: https://learn.microsoft.com/en-us/en...e-verification
|
| ADFS |
In ADFS, certificate configuration is in the Signature tab. To learn more about this setting, go to: https://techcommunity.microsoft.com/...-hId-964184727 Leave any existing certificates (if there are any) until after Oct 24, 2024. Add the new Planview Admin certificate (with effective date September 24, 2024) so that there are two listed. (Note the picture below is for illustrative purposes. The effective dates will not exactly match the picture). The new certificate can be downloaded here: https://cert.id.planview.com/pvadmin-prd-24.cert |
| Okta |
In Okta, the signing certificate information is located in the SAML Settings section of the Planview Admin application. If the Signed Requests is set to enabled, use the Signature Certificate to upload the new certificate. To learn more about replacing signature certificates in Okta go to: https://support.okta.com/help/s/arti...language=en_US
|
| PingFederate |
To learn how to manage your security certificate settings in PingFederate, visit: https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spprotocolsettingstasklet_spsignaturepolicystate.html
|
| Ping Identify | To learn how to manage your security certificate settings in Ping Identify, visit: https://support.pingidentity.com/s/a...-from-metadata |
| Keycloak |
In Keycloak, the certificate settings are under Signing keys config. To learn more about this settings page go to: https://www.keycloak.org/docs/latest...dmin/#keys-tab
|
New Planview Admin Service Provider Certificate
If your IT department decides that your IdP requires the Planview Admin SP certificate, then you can send them the following URLs where they can copy the updated certificate. Send them only the URL that is appropriate for your region:
Alternatively, you can use this link to download the new certificate file and send the file to your IT department.